You can use cygwin and it comes with openssl compiled.
Regards,
Lin Geng
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Fresno
Sent: Wednesday, January 23, 2002 5:54 AM
To: [EMAIL PROTECTED]
Subject: Apache and Mod_SSL
Hi,
I was wondering
What are the "VALUE"s that you refered?
(>> ...so if you wan't to selfsigned your certify you need to change the
values
>> you are putting on both certicates)
Thanks.
-Original Message-
From: Juan Carlos Castro y Castro <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date:
I suggest you use a set of certificate and key that has proven working.
-Original Message-
From: Pedro Gama <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; SSLEAY
<[EMAIL PROTECTED]>
Date: Wednesday, April 07, 1999 3:51 AM
Subject: Problemas com ca no SSLeay
>Hi,
>
>I wo
Did yuo check the format of the certificate and the key file? Apache uses
PEM.
-Original Message-
From: Brian Pollock <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, May 09, 1999 5:23 PM
Subject: Problem getting Verisign Cert to work
>Hi
>
>I have seen my ex
I tried to use DH and DSS ciphers and was
unsuccessful. I did modify the config file to put them in.
Should I use a cert with DSS key specified in
there inorder to use DH and DSS?
Thanks
Thanks. I'll like to try it out. Send me the path, please.
Lin geng
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated
Can you access the server in regular HTTP mode?
When you start the server, did you use the -D SSL switch?
lin geng
-Original Message-
From: Ingo Zitzmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, May 20, 1999 1:48 PM
Subject: SSL config
8: too many initializers
Also, the do_nt.mat in ms\ does not produce valid make file. An error of
"illegal characer {' in macro" stopped the make. do_ms.bat works fine.
Thanks
lin geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL P
rror U1073:
don't know how to make '.\crypto\date.h'
Cheers
lin geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, May 23, 1999 6:30 AM
Subject: Re: Files missing in 990520 snapshot?
Based on the output, the patch was applied OK.
I had to copy header files from openssl\include\openssl to openssl\include
to get the patch going.
I have the screen dump attached as a txt file.
Thanks for the prompt response.
lin geng
-Original Message-
From: Ralf S. Engelschall <[EM
nclude" since the file is specified as "openssl\ssl.h".
Everything else in the build seems OK. Thanks again.
Lin Geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED
?
Thanks.
lin geng
P.S The first time I sent to [EMAIL PROTECTED] and the
mailwas returned.
The user is supposed to create his key pair on his machine and send out the
certificate request. If you are doing everything, then you have the
opportuty to compromise his private key. Technically, this is not a
corrrect way to do certification.
Cheers
lin geng
-Original Message
, then ap_mm_permission(mm,
SSL_MM_FILE_MODE, ap_user_id, -1); causing problem in ssl_engine_scache.c
needs to be conditional
4). #include in ssl_util_table needs to be
conditional.
Thanks.
lin geng
__
Apache
My experience with Netscape is that it caches the session and knows the site
it has been. However, if the browser is shutdown and restarted, of course
it will ask you to pick a certificate. If the browser has not been
shutdown, it should not ask for a certificate, unless you are asked for the
cl
It does not seem port 443 is accepting. How do you know you have apache
listening on 443 if s_client connot connect to it?
Cheers
-Original Message-
From: Kevin Baker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, June 08, 1999 11:32 PM
Subject: browser han
May be a problem of the private key format. Mod_ssl expect PEM format key
file.
Cheers
-Original Message-
From: Ryan Gray <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 9:29 AM
Subject: Trouble with certificates
>Hello,
> I just installed
The simplest way is to use the no-rsa option. It seems the deafult
(openssl) is that if you have RSA on, you want authentication. If you
disable RSA, ADH will kicks in automatically.
Cheers
-Original Message-
From: Dick Porter <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED
Thursday, June 10, 1999 9:04 AM
Subject: Re: Encryption with no certificate
>On Wed, Jun 09, 1999 at 09:54:38PM -0400, Lin Geng wrote:
>> >From: Dick Porter <[EMAIL PROTECTED]>
>> >
>> >I'm trying to set up a mod_ssl server, but I only want link encryption
and
Thanks for the info. BTW, is this newly added feature/
Cheers
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 10, 1999 2:50 AM
Subject: Re: Trouble with certificates
>On Wed, Jun 09, 1999,
It builds and runs nicely. Thanks.
Cheers
P.S WINNT 4 SP4, VC++ 6.
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 10:17 AM
Subject: ANNOUNCE: mod_ssl 2.3.
What about a virtual host with port 80? It may not be a SSL problem.
Cheers
-Original Message-
From: Kevin Baker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: Lin Geng <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 10:52 PM
Subject: Re: br
If you have a suggestion on how to do it, I like to know it, please.
Cheers
-Original Message-
From: Tim <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 10, 1999 5:14 PM
Subject: Re: [BugDB] Compile fix for mod_ssl 2.3.3 with MM (part 2)(PR#187)
>Eh,
1. Can you talk to ..157.50:443?
2. If so, did you use httpS://... to talk to ..157.50:443
based on the ssl log, it does not seem the request ever hit the server.
Cheers
-Original Message-
From: Tarun Tuli <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, June
Good luck for all your exames.
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, June 11, 1999 6:21 AM
Subject: RSE is busy until October
>
>Just for your information:
>
>I'm very busy until approx. mid of October
te: Saturday, June 12, 1999 10:46 AM
Subject: Re: Cant get SSL to work
>No, I can not talk to port 443.
>
>
>
>Lin Geng wrote:
>
>> 1. Can you talk to ..157.50:443?
>> 2. If so, did you use httpS://... to talk to ..157.50:443
>>
>> based on the ssl
It is sort of complicated. Waht is more important is that if the client
does not want to see any certificates, why bother to encrypt data? Since
you can be "securly" talking to the wrong party, encrypt data without
authenticating the server first does not make much sense, unless you are
perfectl
Somehow I remebered that you beed to use -D SSL. At least for the earlier
versions. The space may be necesary (I tried on WIN32).
Cheers
-Original Message-
From: Roman Maeder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, July 05, 1999 8:00 AM
Subject: inac
I will suggest anyone to read Bruce Schnier's book first before doing
timestamping services. That's a good first step to take.
Cheers
-Original Message-
From: Daniel Reichenbach <[EMAIL PROTECTED]>
To: modssl User List <[EMAIL PROTECTED]>
Date: Thursday, July 08, 1999 9:25 AM
Subject:
I don't really have the inside knowlege of Surety. Timestamping is
complicated business and "Applied Crypto" mentioned the basic requirements.
You have to show the world that your timesamping is credible first. And
that involves a lot of details. Applied crypto have a short section on it.
It w
inetd start the
process.
Thanks.
Lin Geng
Thanks Ralf.
I have a question concerning CRL handling. I found that OPENSSL is loading
cert file and CRL using the same file name. These are X509_load_crl_file
and X509_load_cert_file (in by_file). Is this by design? Should this mean
that the certificate (chain) and CRL are in the same file?
One possible place to look, I suggest, is the configuration files. By
default, ca use openssl.cnf for default values. It seems, based on the
output, the signing step is OK. You have the cert signed and database
updated. I suspect the verification step.
Cheers
-Original Message-
From:
see www.verisign.com .
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, July 23, 1999 2:02 PM
Subject: Getting Certificate !
Hi everybody,
I want to know how to get certificate. After
install, I
have a Snake
The steps are in the INSTALL.W32 file. I tried the latest version mod_ssl
with apache 1.3.6 and it builds and runs fine. Except that the -D SSL
switch is still needed (when starting aapche).
Cheers
-Original Message-
From: Khimenko Victor <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMA
As far as I knew, you don't have to convert them into PEM format. Apache
takes DER format files.
Lin
-Original Message-
From: Arend van der Veen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, August 07, 1999 3:00 PM
Subject: Verisgn Server Certificate for
You select non-export cipher suites. This can be done by disabling all
exportable ciphers. If you launch openssl, just type in "ciphers", all the
cipher suites available should be displayed.
Cheers
-Original Message-
From: ListServ <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROT
There are boards designed to handle hardware encryptions. I remebered
seeing a Califonia based company showing products in last year's Internet
Expo. HP also has some hardware encryption products.
Cheers
Lin
-Original Message-
From: John <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMA
By default, it supposed to be in \usr\local\ssl\. On Windows NT(are you), I
remembered that sometimes I have to go to the source file to modify the
path, changing "/" to "\". There got to be a better way, but I have not
investigated.
Cheers
Lin
-Original Message-
From: Sun JunXu <[EMA
roblem is I have not a /usr/local/ssl, I found this file in
>openssl-0.9.3a. what should I do to get this ssl directory?
>
>sincerely
>sun
>
> --
> From: lin geng[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Wednesday, September 08, 1999 10:12 PM
&
Unless your browser supports no-cert authentication, they won't be able to
establish SSL with your server. At least a server certificate is needed.
Lin
PS what is csr? crt, pem, der are the typical types for certificate files.
csr sounds like a certificate signing request. It is not a cert unl
I believe that I had the servlet part working on a mod_ssled Apache.
Lin
-Original Message-
From: Sebastian Szuber <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, September 10, 1999 3:45 AM
Subject: JServ (mod_java) and mod_ssl.
>Hi,
>
>Did anyone successful
I did builds on HPUX-10 with HP C compiler. I guess HPUX-11 is not in the
llist of system config. When you run config, what do you see?
Lin
-Original Message-
From: Saeid.Sadeghi <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, September 13, 1999 7:19 PM
Subj
-Original Message-
From: Pere Camps <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, December 01, 1999 5:54 AM
Subject: no CRLs
>Hi All!
>
>I'm in a situation where I know all my clients certs (I've also
>issued them) but I don't want to handle CRLs
-Original Message-
From: Alex Howansky <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, December 02, 1999 3:19 AM
Subject: confused about RSAref
>
>Hi all,
>
>I've searched the docs and mailing list archives and can't find a
definitive
>answer to my question
-Original Message-
From: P.K.B. Hari Gopal <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, December 10, 1999 6:57 AM
Subject: Installation Problem..
>Hello,
>I have installed openssl-0.9.4 without any errors on WindowNT system.
>During my installation process
-Original Message-
From: Hakan Tandogan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, December 09, 1999 11:52 AM
Subject: "intermediate" CA status?
>
> Hi,
>
> We are designing a Web-bases application that will use client
>certificates as an alternate pos
issue certificates for other machines, then.
But you can't be a certificate server for other hosts. In another word,
other hosts cannot use your certificate since the certificate specifies the
comman name for a particular host.
Lin geng
__
- Original Message -
From: "Brett Goldstock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 03, 2000 7:06 PM
Subject: I think I lost my server.key...
> I think my server.key file was overwritten while I had an outstanding
> certificate request. I subsequently received
IL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
If you are doing a WIN32 version, you also need to edit the libeay32def
file.
Lin Geng
__
Apache Interface to OpenSSL (mod_ssl)
- Original Message -
From: "john easton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 06, 2000 2:36 PM
Subject: Do I need to use certificates?
> Hello,
>
> I have recently set up mod_ssl on Apache 1.3.6 and I am just getting
> started messing around with it. My q
__
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
It may not be enough. I think you need to edit the SSL.H file. The def
[EMAIL PROTECTED]]
> PureTLS - free SSLv3/TLS software for Java
> http://www.rtfm.com/puretls/
> __
> Apache Interface to OpenSSL (mod_ssl)
- Original Message -
From: "Sibone Chen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 29, 2000 9:37 AM
Subject: Re: Crypto law question...
> Ralf,
>
> I am in China. This law question is relate to me. My problem is: If I need
128
> bit SSL cryption, what should I d
SSL is a session based protocol, it is difficult to use it for file
encryption. It is based on a secret, that is established during the
handshake phase. Once the session is terminated, the secret cannot be
recovered. To encrypt files, s/mime surely can be used.
Cheers
Lin Geng
It seems that you have built it. To run it
correctly, you need to configure apache to use SSL. Look into the samples
of how to use the httpd.conf file. Its all in that file.
Cheers,
Lin Geng
- Original Message -
From:
~{Nb7I~}
To: [EMAIL PROTECTED]
Sent: Friday
Disable port 80.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Conrad Ng
Sent: Wednesday, June 05, 2002 8:47 PM
To: [EMAIL PROTECTED]
Subject: How to disable part of the HTTP pages?
Dear all
After I have implemented the SSL technology in my servers,
57 matches
Mail list logo